DOCSLIB.ORG

Based on May 2011 Occupational Standards

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Ethiopian TVET-System INFORMATION TECHNOLOGY SUPPORT SERVICE Level I Based on May 2011 Occupational Standards October, 2019 Module Title: Protecting Application or System Software TTLM Code: ICT ITS1 TTLM1019 v1 This module includes the following Learning Guides LG33: Ensure User Accounts are Controlled LG Code: ICT ITS1 M09LO1LG33 LG34: Detect and Remove Destructive Software LG Code: ICT ITS1 M09 LO2LG34 LG35: Identify and Take Action to Stop Spam LG Code: ICT ITS1 M09 LO3 – LG35 Version:01 ICT ITS1 Page No.2 Copyright: Ethiopia Federal TVET Agency Instruction Sheet LG33: Ensure User Accounts are Controlled This learning guide is developed to provide you the necessary information regarding the following content coverage and topics – User Account Control User Account Configuration Notifications Displayed at Logon Utilities Used to Check Strength of Passwords Accessing Information Services This guide will also assist you to attain the learning outcome stated in the cover page. Specifically, upon completion of this Learning Guide, you will be able to – Modify default user settings to ensure that they conform to security policy Previously created user settings are modified to ensure they conform to updated security policy Ensure legal notices displayed at logon are appropriate Appropriate utilities are used to check strength of passwords and consider tightening rules for password complexity Emails are monitored to uncover breaches in compliance with legislation information services are accessed to identify security gaps and take appropriate action using hardware and software or patches Learning Instructions: 1. Read the specific objectives of this Learning Guide. 2. Follow the instructions described below 3 to 6. 3. Read the information written in the information “Sheet 1, Sheet 2, Sheet 3 and Sheet 4” in page 3, 14, 20, 25 and 33 respectively. 4. Accomplish the “Self-Check 1, Self-Check 2, Self-Check 3, Self-Check 4 and Self-Check 5” in page 12, 18, 23, 30 and 37 respectively. 5. If you earned a satisfactory evaluation from the “Self-Check” proceed to “Operation Sheet 1, Operation Sheet 2 and Operation Sheet 3 ” in page 39 6. Do the “LAP test” in page 45 Version:01 ICT ITS1 Page No.3 Copyright: Ethiopia Federal TVET Agency Information Sheet - 1 User Account Control 1.1. User Access We do want our users to access the system; it’s just that we want them to have the appropriate access. The control of user access can take many forms and apply at several levels. Once a computer is physically accessed, the user usually logs on to gain access to applications. These applications will access data in files and folders. We can simplify the process down to 3 things. Physical access Authentication Authorisation 1.1.1. Physical Access The first layer of management and security is the physical access to the computer. To prevent unauthorised access, a company may make use of: locks on the front doors locks on each floor locks on offices, etc security guards cameras keys on computer systems. Only those who have permission and keys will be able to access a computer in the company’s premises. The Internet, however, presents issues concerning access to corporate information or systems because physical restrictions cannot be imposed. 1.1.2. Authentication Authentication is the process of verifying the identity of people who are attempting to access the network or system. Typically, a user identifies himself to the system, then is required to provide a second piece of information to prove their identity. This information is only known by the user or can only be produced by the user. The most common method used to authenticate users is the Username and Password method. Using this method a user identifies itself with a username. They are then prompted for a password. The combination of name and password are then compared by the system to its data on configured users and if the combination matches the system’s data the user is granted access. Other authentication methods include: Username with static passwords - the password stays the same until changed by the user at some time Usernames with dynamic passwords - the password is constantly changed by a password generator synchronized with the user and system. Version:01 ICT ITS1 Page No.4 Copyright: Ethiopia Federal TVET Agency Other challenge response systems - this may involve PINs, questions to the user requiring various answers or actions Certificate Based - this requires the user to have an electronic certificate or token. This may also need to be digitally signed by a trusted authority. Physical devices - these include the use of smartcards and biometrics. Generally, the entire authentication process occurs on the local workstation, thus eliminating the need for a special server. Whatever method is used is determined by the organisational policy and security requirements. 1.1.3. Authorisation Once a user has been authenticated (that is their identity validated) they are granted access to the network or system. For the user to then access data or an application or execute some task or command they need be authorised to do so. The authorisation process determines what the user can do on the network. In other words it enforces the organisation policy as applicable to the user. The Network and System administrators are responsible for the technical configuration of network operating systems, directory services and applications. Part of the configuration includes security settings that authorise user access. The administrators use an organisational policy to determine these settings. 1.2. User Account A user account is a collection of information that tells Windows which files and folders you can access, what changes you can make to the computer, and your personal preferences, such as your desktop background or screen saver. User accounts let you share a computer with several people, while having your own files and settings. Each person accesses his or her user account with a username and password. There are three types of accounts. Each type gives users a different level of control over the computer: Standard Accounts are for everyday computing. Administrator Accounts provide the most control over a computer, and should only be used when necessary. Guest Accounts are intended primarily for people who need temporary use of a computer. Version:01 ICT ITS1 Page No.5 Copyright: Ethiopia Federal TVET Agency 1.2.1. Standard User Account A standard user account lets you use most of the capabilities of the computer. You can use most programs that are installed on the computer and change settings that affect your user account. However, you can't install or uninstall some software and hardware, you can't delete files that are required for the computer to work, and you can't change settings that affect other users or the security of the computer. If you're using a standard account, you might be prompted for an administrator password before you can perform certain tasks. Why use a Standard User Account instead of an Administrator Account? The standard account can help protect your computer by preventing users from making changes that affect everyone who uses the computer, such as deleting files that are required for the computer to work. We recommend creating a standard account for each user. When you are logged on to Windows with a standard account, you can do almost anything that you can do with an administrator account, but if you want to do something that affects other users of the computer, such as installing software or changing security settings, Windows might ask you to provide a password for an administrator account. 1.2.2. Administrator Account An administrator account is a user account that lets you make changes that will affect other users. Administrators can change security settings, install software and hardware, and access all files on the computer. Administrators can also make changes to other user accounts. When you set up Windows, you'll be required to create a user account. This account is an administrator account that allows you to set up your computer and install any programs that you would like to use. Once you have finished setting up your computer, we recommend that you use a standard user account for your day-to-day computing. It's more secure to use a standard user account instead of an administrator account because it can prevent a person from making changes that affect everyone who uses the computer. 1.2.3. Guest Account A guest account allows people to have temporary access to your computer. People using the guest account can't install software or hardware, change settings, or create a password. You have to turn on the guest account before it can be used. Version:01 ICT ITS1 Page No.6 Copyright: Ethiopia Federal TVET Agency 1.3. User Profiles User profile is a collection of settings that make the computer look and work the way you want it to. It contains your settings for desktop backgrounds, screen savers, pointer preferences, sound settings, and other features. Your user profile ensures that your personal preferences are used whenever you log on to Windows. A user profile is different from a user account, which you use to log on to Windows. Each user account has at least one user profile associated with it. 1.4. User Account Control User Account Control (UAC) is a feature in Windows that can help you stay in control of your computer by informing you when a program makes a change that requires administrator-level permission. UAC works by adjusting the permission level of your user account. If you’re doing tasks that can be done as a standard user, such as reading e-mail, listening to music, or creating documents, you have the permissions of a standard user—even if you’re logged on as an administrator.
Recommended publications
  • A Rule Based Approach for Spam Detection

    A Rule Based Approach for Spam Detection

    A RULE BASED APPROACH FOR SPAM DETECTION Thesis submitted in partial fulfillment of the requirements for the award of degree of Master of Engineering In Computer Science & Engineering By: Ravinder Kamboj (Roll No. 800832030) Under the supervision of: Dr. V.P Singh Mrs. Sanmeet Bhatia Assistant Professor Assistant Professor Computer Science & Engineering Department of SMCA COMPUTER SCIENCE AND ENGINEERING DEPARTMENT THAPAR UNIVERSITY PATIALA – 147004 JULY- 2010 i ii Abstract Spam is defined as a junk Email or unsolicited Email. Spam has increased tremendously in the last few years. Today more than 85% of e-mails that are received by e-mail users are spam. The cost of spam can be measured in lost human time, lost server time and loss of valuable mail. Spammers use various techniques like spam via botnet, localization of spam and image spam. According to the mail delivery process anti-spam measures for Email Spam can be divided in to two parts, based on Emails envelop and Email data. Black listing, grey listing and white listing techniques can be applied on the Email envelop to detect spam. Techniques based on the data part of Email like heuristic techniques and Statistical techniques can be used to combat spam. Bayesian filters as part of statistical technique divides the income message in to words called tokens and checks their probability of occurrence in spam e-mails and ham e-mails. Two types of approaches can be followed for the detection of spam e-mails one is learning approach other is rule based approach. Learning approach required a large dataset of spam e-mails and ham e-mails is required for the training of spam filter; this approach has good time characteristics filter can be retrained quickly for new Spam.
  • Address Munging: the Practice of Disguising, Or Munging, an E-Mail Address to Prevent It Being Automatically Collected and Used

    Address Munging: the Practice of Disguising, Or Munging, an E-Mail Address to Prevent It Being Automatically Collected and Used

    Address Munging: the practice of disguising, or munging, an e-mail address to prevent it being automatically collected and used as a target for people and organizations that send unsolicited bulk e-mail address. Adware: or advertising-supported software is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. Some types of adware are also spyware and can be classified as privacy-invasive software. Adware is software designed to force pre-chosen ads to display on your system. Some adware is designed to be malicious and will pop up ads with such speed and frequency that they seem to be taking over everything, slowing down your system and tying up all of your system resources. When adware is coupled with spyware, it can be a frustrating ride, to say the least. Backdoor: in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device. A back door is a point of entry that circumvents normal security and can be used by a cracker to access a network or computer system. Usually back doors are created by system developers as shortcuts to speed access through security during the development stage and then are overlooked and never properly removed during final implementation.
  • Technical and Legal Approaches to Unsolicited Electronic Mail†

    Technical and Legal Approaches to Unsolicited Electronic Mail†

    35 U.S.F. L. REV. 325 (2001) Technical and Legal Approaches to Unsolicited Electronic Mail† By DAVID E. SORKIN* “Spamming” is truly the scourge of the Information Age. This problem has become so widespread that it has begun to burden our information infrastructure. Entire new networks have had to be constructed to deal with it, when resources would be far better spent on educational or commercial needs. United States Senator Conrad Burns (R-MT)1 UNSOLICITED ELECTRONIC MAIL, also called “spam,”2 causes or contributes to a wide variety of problems for network administrators, † Copyright © 2000 David E. Sorkin. * Assistant Professor of Law, Center for Information Technology and Privacy Law, The John Marshall Law School; Visiting Scholar (1999–2000), Center for Education and Research in Information Assurance and Security (CERIAS), Purdue University. The author is grateful for research support furnished by The John Marshall Law School and by sponsors of the Center for Education and Research in Information Assurance and Security. Paul Hoffman, Director of the Internet Mail Consortium, provided helpful comments on technical matters based upon an early draft of this Article. Additional information related to the subject of this Article is available at the author’s web site Spam Laws, at http://www.spamlaws.com/. 1. Spamming: Hearing Before the Subcomm. on Communications of the Senate Comm. on Commerce, Sci. & Transp., 105th Cong. 2 (1998) (prepared statement of Sen. Burns), available at 1998 WL 12761267 [hereinafter 1998 Senate Hearing]. 2. The term “spam” reportedly came to be used in connection with online activities following a mid-1980s episode in which a participant in a MUSH created and used a macro that repeatedly typed the word “SPAM,” interfering with others’ ability to participate.
  • A Survey on Spam Detection Techniques

    A Survey on Spam Detection Techniques

    ISSN (Online) : 2278-1021 ISSN (Print) : 2319-5940 International Journal of Advanced Research in Computer and Communication Engineering Vol. 3, Issue 12, December 2014 A survey on spam detection techniques Anjali Sharma1, Manisha 2, Dr.Manisha 3 , Dr.Rekha Jain 4 1,2,3,4 Bansthali Vidyapith, Jaipur Campus, India Abstract: Today e-mails have become one of the most popular and economical forms of communication for Internet users. Thus due to its popularity, the e-mail is going to be misused. One such misuse is the posting of unwelcome, unwanted e-mails known as spam or junk e-mails [1]. E-mail spam has various consequences. It reduces productivity, takes extra space in mail boxes, extra time, extend software damaging viruses, and materials that contains potentially harmful information for Internet users, destroy stability of mail servers, and as a result users spend lots of time for sorting incoming mail and deleting unwanted correspondence. So there is a need of spam detection so that its consequences can be reduced [2]. In this paper, we present various spam detection techniques. Keywords: Spam, Spam detection techniques, Email classification I. INTRODUCTION Spam refers to unsolicited commercial email. Also known firewalls; therefore, it is an especially useful way for as junk mail, spam floods Internet users’ electronic spammers. It targets the users when they join any chat mailboxes. These junk mails can contain various types of room to find new friends. It spoils enjoy of people and messages such as pornography, commercial advertising, waste their time also. doubtful product, viruses or quasi legal services [3].
  • Asian Anti-Spam Guide 1

    Asian Anti-Spam Guide 1

    Asian Anti-Spam Guide 1 © MediaBUZZ Pte Ltd January 2009 Asian Anti-SpamHighlights Guide 2 • Combating the latest inbound threat: Spam and dark traffic, Pg. 13 • Secure Email Policy Best Practices, Pg. 17 • The Continuous Hurdle of Spam, Pg. 29 • Asian Anti Spam Acts, Pg. 42 Contents: • Email Spam: A Rising Tide 4 • What everyone should know about spam and privacy 7 • Scary Email Issues of 2008 12 • Combating the latest inbound threat: Spam and dark 13 • Proofpoint survey viewed spam as an increasing threat 16 • Secure Email Policy Best Practices 17 • Filtering Out Spam and Scams 24 • The Resurgence of Spam 26 • 2008 Q1 Security Threat landscape 27 • The Continuous Hurdle of Spam 29 • Spam Filters are Adaptive 30 • Liberating the inbox: How to make email safe and pro- 31 ductive again • Guarantee a clear opportunity to opt out 33 • The Great Balancing Act: Juggling Collaboration and 34 Authentication in Government IT Networks • The Not So Secret Cost of Spam 35 • How to Avoid Spam 36 • How to ensure your e-mails are not classified as spam 37 • Blue Coat’s Top Security Trends for 2008 38 • The Underground Economy 40 • Losing Email is No Longer Inevitable 42 • Localized malware gains ground 44 • Cyber-crime shows no signs of abating 45 MEDIABUZZ PTE LTD • Asian Anti-Spam Acts 47 ASIAN ANTI-SPAM GUIDE © MediaBUZZ Pte Ltd January 2009 Asian Anti-SpamHighlights Guide 3 • Frost & Sullivan: Do not underestimate spam, Pg. 65 • Unifying email security is key, Pg. 71 • The many threats of network security, Pg. 76 • The UTM story, Pg.
  • Internet Security

    Internet Security

    In the News Articles in the news from the past month • “Security shockers: 75% of US bank websites Internet Security have flaws” • “Blank robbers swipe 3,000 ‘fraud-proof’ UK passports” • “Korean load sharks feed on hacked data” • “Worms spread via spam on Facebook and Nan Niu ([email protected]) MySpace” CSC309 -- Fall 2008 • “Beloved websites riddled with crimeware” • “Google gives GMail always-on encryption” http://www.theregister.co.uk 2 New Targets of 2007 Scenario 1 • Cyber criminals and cyber spies have • The Chief Information Security Officer shifted their focus again of a medium sized, but sensitive, federal – Facing real improvements in system and agency learned that his computer was network security sending data to computers in China. • The attackers now have two new targets • He had been the victim of a new type of spear phishing attack highlighted in this – users who are easily misled year’s Top 20. – custom-built applications • Once they got inside, the attackers had • Next, 4 exploits scenarios… freedom of action to use his personal • Reported by SANS (SysAdmin, Audit, Network, computer as a tunnel into his agency’s Security), http://www.sans.org systems. 3 4 Scenario 2 Scenario 3 • Hundreds of senior federal officials and business • A hospital’s website was compromised executives visited a political think-tank website that had been infected and caused their computers to because a Web developer made a become zombies. programming error. • Keystroke loggers, placed on their computers by the • Sensitive patient records were taken. criminals (or nation-state), captured their user names and passwords when their stock trading accounts and • When the criminals proved they had the their employers computers, and sent the data to data, the hospital had to choose between computers in different countries.
  • Factors Involved in Estimating Cost of Email Spam

    Factors Involved in Estimating Cost of Email Spam

    Factors involved in estimating cost of Email spam Farida Ridzuan, Vidyasagar Potdar, Alex Talevski Anti Spam Research Lab, Digital Ecosystems and Business Intelligence Institute, Curtin University of Technology. [email protected], {v.potdar, a.talevski}@curtin.edu.au Abstract. This paper analyses existing research work to identify all possible factors involved in estimating cost of spam. Main motivation of this paper is to provide unbiased spam costs estimation. For that, we first study the email spam lifecycle and identify all possible stakeholders. We then categorise cost and study the impact on each stakeholder. This initial study will form the backbone of the real time spam cost calculating engine that we are developing for Australia. Keywords: spam cost, email spam, spam lifecycle 1 Introduction Spamming in email refers to sending unwanted, irrelevant, inappropriate and unsolicited email messages to a large number of recipients. Sending email is fast, convenient and cheap; making it as an important means of communication in business and personal. This is supported by the report from Radicati Group saying that there is a growth of email users from time to time [1]. Dependencies on email usage throughout the whole world provide a huge opportunity to the spammers for spamming. Spamming activities starts from spammers (who create and send spam), but its impacts goes far beyond them, involving Internet Service Provider (ISP), company, and users (spam email recipients) since they represent the key stakeholders. It is undeniable that each stakeholders involved in this activity has to bear some costs associated with spam. Throughout our study, there are a few papers discussing on the costs of email spam, but most of them focuses only on one stakeholder, which is the user.
  • NIST SP 800-44 Version 2

    NIST SP 800-44 Version 2

    Special Publication 800-44 Version 2 Guidelines on Securing Public Web Servers Recommendations of the National Institute of Standards and Technology Miles Tracy Wayne Jansen Karen Scarfone Theodore Winograd NIST Special Publication 800-44 Guidelines on Securing Public Web Version 2 Servers Recommendations of the National Institute of Standards and Technology Miles Tracy, Wayne Jansen, Karen Scarfone, and Theodore Winograd C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 September 2007 U.S. Department of Commerce Carlos M. Gutierrez, Secretary National Institute of Standards and Technology James Turner, Acting Director GUIDELINES ON SECURING PUBLIC WEB SERVERS Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Special Publication 800-44 Version 2 Natl. Inst. Stand. Technol. Spec. Publ. 800-44 Ver.
  • Design of SMS Commanded-And-Controlled and P2P-Structured Mobile Botnets

    Design of SMS Commanded-And-Controlled and P2P-Structured Mobile Botnets

    Design of SMS Commanded-and-Controlled and P2P-Structured Mobile Botnets Yuanyuan Zeng, Kang G. Shin, Xin Hu The University of Michigan, Ann Arbor, MI 48109-2121, U.S.A. fgracez, kgshin, [email protected] Abstract—Botnets have become one of the most serious security is usually capable of only one or two functions. Although the threats to the Internet and personal computer (PC) users. number of mobile malware families and their variants has been Although botnets have not yet caused major outbreaks in mobile growing steadily over the recent years, their functionalities networks, with the rapidly-growing popularity of smartphones such as Apple’s iPhone and Android-based phones that store have remained simple until recently. more personal data and gain more capabilities than earlier- SymbOS.Exy.A trojan [2] was discovered in February 2009 generation handsets, botnets are expected to move towards this and its variant SymbOS.Exy.C resurfaced in July 2009. This mobile domain. Since SMS is ubiquitous to every phone and can mobile worm, which is said to have “botnet-esque” behavior delay message delivery for offline phones, it is a suitable medium patterns, differs from other mobile malware because after for command and control (C&C). In this paper, we describe how a mobile botnet can be built by utilizing SMS messages infection, it connects back to a malicious HTTP server and for C&C, and how different P2P structures can be exploited reports information of the device and its user. The Ikee.B for mobile botnets. Our simulation results demonstrate that a worm [3] targets jailbroken iPhones, and has behavior similar modified Kademlia—a structured architecture—is a better choice to SymbOS.Exy.
  • Anti-Spam Methods

    Anti-Spam Methods

    INTRODUCTION Spamming is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi- legal services. Spam costs the sender very little to send -- most of the costs are paid for by the recipient or the carriers rather than by the sender. There are two main types of spam, and they have different effects on Internet users. Cancellable Usenet spam is a single message sent to 20 or more Usenet newsgroups. (Through long experience, Usenet users have found that any message posted to so many newsgroups is often not relevant to most or all of them.) Usenet spam is aimed at "lurkers", people who read newsgroups but rarely or never post and give their address away. Usenet spam robs users of the utility of the newsgroups by overwhelming them with a barrage of advertising or other irrelevant posts. Furthermore, Usenet spam subverts the ability of system administrators and owners to manage the topics they accept on their systems. Email spam targets individual users with direct mail messages. Email spam lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses. Email spams typically cost users money out-of-pocket to receive. Many people - anyone with measured phone service - read or receive their mail while the meter is running, so to speak. Spam costs them additional money. On top of that, it costs money for ISPs and online services to transmit spam, and these costs are transmitted directly to subscribers.
  • Spam (Spam 2.0) Through Web Usage

    Spam (Spam 2.0) Through Web Usage

    Digital Ecosystems and Business Intelligence Institute Addressing the New Generation of Spam (Spam 2.0) Through Web Usage Models Pedram Hayati This thesis is presented for the Degree of Doctor of Philosophy of Curtin University July 2011 I Abstract Abstract New Internet collaborative media introduce new ways of communicating that are not immune to abuse. A fake eye-catching profile in social networking websites, a promotional review, a response to a thread in online forums with unsolicited content or a manipulated Wiki page, are examples of new the generation of spam on the web, referred to as Web 2.0 Spam or Spam 2.0. Spam 2.0 is defined as the propagation of unsolicited, anonymous, mass content to infiltrate legitimate Web 2.0 applications. The current literature does not address Spam 2.0 in depth and the outcome of efforts to date are inadequate. The aim of this research is to formalise a definition for Spam 2.0 and provide Spam 2.0 filtering solutions. Early-detection, extendibility, robustness and adaptability are key factors in the design of the proposed method. This dissertation provides a comprehensive survey of the state-of-the-art web spam and Spam 2.0 filtering methods to highlight the unresolved issues and open problems, while at the same time effectively capturing the knowledge in the domain of spam filtering. This dissertation proposes three solutions in the area of Spam 2.0 filtering including: (1) characterising and profiling Spam 2.0, (2) Early-Detection based Spam 2.0 Filtering (EDSF) approach, and (3) On-the-Fly Spam 2.0 Filtering (OFSF) approach.
  • How Do Spammers Harvest Email Addresses ?

    How Do Spammers Harvest Email Addresses ?

    11/26/12 How do spammers harv est email addresses ? How do spammers harvest email addresses ? By Uri Raz There are many ways in which spammers can get your email address. The ones I know of are : 1. From posts to UseNet with your email address. Spammers regularily scan UseNet for email address, using ready made programs designed to do so. Some programs just look at articles headers which contain email address (From:, Reply-To:, etc), while other programs check the articles' bodies, starting with programs that look at signatures, through programs that take everything that contain a '@' character and attempt to demunge munged email addresses. There have been reports of spammers demunging email addresses on occasions, ranging from demunging a single address for purposes of revenge spamming to automatic methods that try to unmunge email addresses that were munged in some common ways, e.g. remove such strings as 'nospam' from email addresses. As people who where spammed frequently report that spam frequency to their mailbox dropped sharply after a period in which they did not post to UseNet, as well as evidence to spammers' chase after 'fresh' and 'live' addresses, this technique seems to be the primary source of email addresses for spammers. 2. From mailing lists. Spammers regularily attempt to get the lists of subscribers to mailing lists [some mail servers will give those upon request],knowing that the email addresses are unmunged and that only a few of the addresses are invalid. When mail servers are configured to refuse such requests, another trick might be used - spammers might send an email to the mailing list with the headers Return- Receipt-To: <email address> or X-Confirm-Reading-To: <email address>.